CVSS: 7.5EPSS: 1%CPEs: 206EXPL: 0CVE-2012-5977 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5977
04 Jan 2013 — Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, ... • http://downloads.asterisk.org/pub/security/AST-2012-015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 29%CPEs: 206EXPL: 0CVE-2012-5976 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5976
04 Jan 2013 — Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v1... • http://downloads.asterisk.org/pub/security/AST-2012-014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-1183
https://notcve.org/view.php?id=CVE-2012-1183
18 Sep 2012 — Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet. Vulnerabilidad de desboramiento de buffer basado en memoria dinámica en la función milliwatt_generate en main/utils.c en Asterisk ... • http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 208EXPL: 0CVE-2011-4597
https://notcve.org/view.php?id=CVE-2011-4597
15 Dec 2011 — The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. La implementación de SIP sobre UDP de Asterisk Open Source 1.4.x anteriores a 1.4.43, 1.6.x anteriores a 1.6.2.21, y 1.8.x anteriores a 1.8.7.2 utiliza diferentes números de puertos para respuestas a pe... • http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 162EXPL: 0CVE-2011-2529
https://notcve.org/view.php?id=CVE-2011-2529
06 Jul 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.6.x anterior a v1.6.2.18.1 y v1.8.x anteriores a v1.8.4.3 no manejan adecuadamente los caracteres '\0' en los paquetes SIP, lo que pe... • http://downloads.asterisk.org/pub/security/AST-2011-008.diff • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 195EXPL: 0CVE-2011-2535
https://notcve.org/view.php?id=CVE-2011-2535
06 Jul 2011 — chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. chan_iax2.c en el controlador de canal IAX2 en Asterisk Open Source v1.4.x anteriores a v1.4.41.1, v1.6.2.x anteriores a v... • http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 198EXPL: 0CVE-2011-2536
https://notcve.org/view.php?id=CVE-2011-2536
06 Jul 2011 — chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. chan_sip.c en el controlador de canal SIP en Asterisk Open Source v1.4.x anteriores a v1.4.41.2,... • http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 158EXPL: 0CVE-2011-2666
https://notcve.org/view.php?id=CVE-2011-2666
06 Jul 2011 — The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. La configuración por defecto del controlador del canal SIP en Asterisk Open Source 1.4.x hasta 1.1.41.2 y 1.6.2.x hasta... • http://downloads.asterisk.org/pub/security/AST-2011-011.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 224EXPL: 0CVE-2011-1507
https://notcve.org/view.php?id=CVE-2011-1507
27 Apr 2011 — Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. Asterisk Open Source v1.4.x antes de v1.4.40.1, v1.6.1.x antes de v1.6.1.25, v1.6.2.x antes v1.6.2.17.3, y v1.8.x a... • http://downloads.digium.com/pub/security/AST-2011-005.html • CWE-399: Resource Management Errors •
CVSS: 9.0EPSS: 0%CPEs: 224EXPL: 0CVE-2011-1599
https://notcve.org/view.php?id=CVE-2011-1599
27 Apr 2011 — manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. manager.c en la interfaz de administrador de Asterisk Open Source v1.4.x antes de v1.4.40.... • http://downloads.digium.com/pub/security/AST-2011-006.html • CWE-20: Improper Input Validation •